This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 83%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
We are trying to publish an azure managed application to the azure marketplace. Our end goal is to deploy the code to the web app along with other required resources provisioning.
Resources are being deployed into the customer tenant, but code deployment to the web app under customer tenant is not happening through our arm templates.
We followed below ways
If anyone who already published the offer to azure marketplace please guide us by sharing the best practices to publish the azure managed application offer.
Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 20%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
Hi Nikhath Sulthana
Just checking in to see if the below answer provided by @Vinodh247 helped. If this answers your query, do click Upvote for was this answer helpful. And, if you have any further query do let us know.
Hi Nikhath Sulthana
We haven't heard back from you. Please reply if you have any questions in this matter and we will gladly continue the discussion.
Hi ,
Thanks for reaching out to Microsoft Q&A.
Publishing an azure Managed Application to the Azure Marketplace with web app code deployment to the customer tenant can be tricky due to security boundaries and deployment limitations. Let me walk you through key issues you are hitting, why they happen, and suggest best practices or alternatives.
Problem: PAT verification failed.
Reason: PATs (Personal Access Tokens) are not the right way to authenticate deployments in ARM templates, especially from Marketplace offers. Marketplace sandboxes limit the ability to use secrets/tokens directly for security reasons.
Problem: ARM is looking for publisher’s Key Vault in customer tenant.
Reason: ARM template runs in customer's context, so it cannot access resources in publisher’s tenant (like your Key Vault).
Problem: Artifact too large when packaging code + infra.
Best Practices to Publish Azure Managed Application with Code Deployment
A. Separation of Infra and App Code
ARM templates are designed to provision infrastructure, not to deploy full-scale applications (especially code). Ideally:
Use custom script extension, Azure DevOps pipeline, or GitHub Actions to deploy app code post-deployment.
B. Use a Deployment Script in ARM
Use ARM template with a Microsoft.Resources/deploymentScripts resource that:
az webapp deployment or zipdeploy.C. Deliver App via Azure Storage and Download in Customer Tenant
In customer deployment, use deployment scripts or custom extensions to download and deploy to the web app.
D. Use Managed Identity for Secure Deployment (if applicable)
If your deployment involves sensitive actions (fetching secrets from customer side Key Vaults), ensure your deployment script or resource uses System Assigned Managed Identity with necessary permissions.
Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.
Hi @Vinodh247
Your answer has given me clear understanding, and correct way of publishing the offer. Thank you!
Hi Nikhath Sulthana,
Glad to know that. Please upvote and 'Accept as answer' so we can close this thread.